I struggle with this concept. Suppose a password manager's password sharing utility allows me to login to a web service in my browser. Couldn't I open the Network tab and observe the network request that displays the plaintext username and password?
Probably. It’s not meant to be bullet proof I don’t think, but most people who aren’t developers don’t know that the network inspector is even a thing let alone how to use it.